IU: MARKS 

The Fxammet has rejected L laims 1 2 4-11 16-2^ and 2S-41 undes 3U Si 
lO^a) as being unpatentable o\ei Ydiiawin {I S Publication \o 2l , <>2/<>0$3344 '\ 1 t in 
view of Dtakc (I S Patent \o o Wo 328) \pphcam icspectfulb disd^iecs with such 
rqection. 

To establish <i ptmhf //><. h' case of oh\ lousness, three basic cmetia must be met 
Fust these must be some sueyestion Oi mutts at ion eithej m the leiaences themselves Oi 
m the knowledge genu ail \ a\ dilabk* to one of «u<finar\ skill m the att, to modifv the 
refeienee or to combine refeienee teachings Second there must be a reasonable 
expectation of success 1 tnailv , the ptfor <it i lefeienee toi icfcrences when combined) 
must teach or suggest all the claim limitations I he teaching oj suggestion to make the 
claimed combination and the seasonable expectation of success must both be found m the 
pnoi ast and not based on applicant's dtsclosuic htn'lin\k f >47 1 2d 4K8 20TM :> O2d 
1438 (Fed,Qr.l.99n. 

With respect to die fust element of the/'/ww facie case of obviousness and in 
paittculai the obviousness oi l omening the aioiementioned refeiences the Fxaminet 
aigues that it would have been ob\ ious to combine \ anas an with Drake because certain 
operating svstemfs] [mc\ more vuinciable t*^ attacks' and ' if ft weic an untiusted 
nefuoiL \ou would not want an outsidei to peuetiate voui opeiauu<i s\stem ' Ko the 
eontrarv applicant re&peotfulK a»scit\ that ?t would not ha\ e been ob\ ious to combine 
the teachings oi the \aira\an and Drake refuenees espeualb m view of (he vast 
evidence to the contrary. 

One oi the ill si mqimtes m an obviousness anaKsis is whethet all oi the 
tcfetences relied on ate analogous att 1 In order to re!\ on a teterence as a basis lot 
i election oi an applicant's invention, the iciereuce must either be m the field of 
applicant's endeavoi oi, if not, then be reasonabh peitmem to the particular pi obi em with 
winch the imemor was concerned 7h\' (kuktt 077 1 2d 1443 1446 24 \ SPQ2d 
1443, 1445 (Fed. Cir. 1992). 



Applicant respectfulis assetts that the rxamiuet has idied on non-analogous art 
so make a pjjor ait showing of applicant s claimed tnxentton Applicant iespeesfnlh 
asserts that \ atun an teaches an m\ cntion w hich o\ cicome s the deficiencies and 
Sanitations oi the prior att b\ pro\ ulmg an intci mtra-neUxoTkmg dcxtce that eompnses 
a pluiaiits of access device cauls a packet pmeessoi, a sccuntx puvcssoi a sxstcm 
processor and a switching iabuc" {.Paiasnaphs j00| "*|-fou22j - emphasis addt.fi) On the 
other hand, Diake teaches computes code piotectmg software against easesdioppmg 
local and remote tampering, examination, tracing and spoofing b\ t agues {see abstract 
and Col 3, lines ^2-38 > Clearh, combining \ atra\ an s mtet intra-networking de^ ice 
with Drake's compute: code for patenting eas esdropping, local and i emote t unpen ng 
examination , tracing and spoofing bx logues is m no v\a\ obwotis as suggested b\ the 
I xammet, because the two im emtons ate death non-analogous In \ icw of the \ asth 
diffetent t\pes of ptoblems that mtet mha-net working de\ices address as opposed to 
prexentmvr spftw are against eavesdioppmg, etc , the h xmv net \-> pioposed combination i& 
dearlv mappropn ate. 

More intpoitanth with tespt-a to the third element ot the pnmo fthii. case of 
obxiousnt'Ss applicant respectful h asseifs that the combination of the \ airaxan and 
Oiake lefeicnces fails to meet all of applicant's claim limitations Foi example with 
tespect to independent ( hunts I j and 2^ the i<\,nmnei has relied on Co! 4 hue 4~~ 
Col 5, hne M and Col 14 ,lmes J fiom the Diake refeteuce to make a pnot art 
show-rug of applicant's datmed condttumalh masking the portion oi outgoing netvsotk 
data to impel son ate a diiTeiem updating ssstem in aceoulanee with a section pobcx it 
the netwoik ts an untiusted netwoik (see tins os similai but not necessanlx identical 
language in the aforementioned independent claims) 

\pphcant tespectitilh asseits that the excel pi relied on b\ the Shammer merdx 
teaches "»exeial seeuntv-euhaucinu techniques to combat eavesdioppmg, " including 
* hampeung [thej examination oi softwate-eode operating s\ stem code oi paiis thereof 
through the use of the encn ption or patnal enerx ption of said code" and 'ptevcntmg the 
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disassembh ot said code through the inclusion of dummy instructions and pietkes and 
additional code to mislead and hamper disassembly " (emphasis added) Additional! \ the 
ewuipt caches * replacing software which is uilnejahle to eavesdioppmg with eqt tsalent 
software which is far mote secure" (emphasis added t Applicant further notes that the 
ou!\ suggestion of an operating s\ stem m Drake lelates to the fact that the tmentton m 
Diakc "has general application to main dtffeicnt opetaung s\ stems * under which rhc 
invention "is designed to operate." 

Applicant respectfully asserts that simply disclosing including dummy 

instructions and prefixes to mislead and hampei disassembly of code, m addition to 
aplacmg softvunc which is \ u! tier able to ea\csdioppmg with equivalent softwase that is 
moie secuie fails to suggest am sort of impersonation of an operating ,ssstem , as 
applicant chimb Spccifkaih, the onh suggestion of an operating s\stem m Drake 
lelaks to allowing the imention of Drake it e soitw are-based computet seeurit\ 
enhanetne process) to operate on mam difterent operating s\ stems, which clearl\ does 
not teach am soit ot impersonating a drfferuu operating system, let alone '"eoiiditionaiK 
masking the poiUon of outgoing netwoik. data to impe; senate a different operating s>stem 
in aeeotdariee with a secunts polic\ if the netwoik is an untiustcd network' (emphasis 
added), as claimed h\ applicant 

I'uitheimoie v\ith respect to the independent elaims the Lvmnner has iclied on 
fol 4, line 4"? Col ^ line ,>4, and Co! 14, lines 3. l-W fiont Drake to make a prior an 
showing of applicant's claimed ' replacing the portion of outgoing netwuik data with data 
ebaiactemtic of the different opening ssstem to pj event identification of the opejatmg 
ssstem by impersonating the diifeient operating system, tot misleading attackeis into 
attempting attacks that are unwotkable on the opeiatmu ssstem' tsee this or snntlai, but 
not necessarily identical language in the independent claims). 

Once again, applicant respectfully as sens that the excerpts relied on by the 
Examiner merely teach "several security-enhancing techniques to combat 
eavesdropping,' 1 including "preventing the disassembly of said code through the inclusion 
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of dummy instructions ami prefixes and additional code tojnisJead.and.liamH? 
disassembly (ie. obl'uscati ng i nserts )" (Col. 4, lines -17-54 - emphasis added). In addition, 
applicant notes that the only replacing taught by Drake relates to "replacing software 
which is vulnerable to eavesdropping with equivalent software which is tar more secure" 
(Col. 5, lines 21-23). Additionally, the only disclosure of an operating system in such 
excerpts from Drake simply teaches that "the invention has general application to many 
different operating systems" (Col. 14, lines 35-36 - emphasis added). 

However, the mere disclosure of "'the inclusion of dmn my i nslructi ons and 
prefixes and additional code to mislead and hamper disassembly" iemphasis added), m 
no was suggests Replacing the portion of outgoing network data with data characteristic 
of the dittereut operating system to prexent identification ot the operating system hs 
impersonating the different operating s\ stem , for misleading attackers into attempting 
attacks that ate unworkable on the opeiattng ss stenf " (emphasis added) as claimed b\ 
applicant in addition, meiely replacing vulneiable software wtth secure software does 
not e\en suggest am soit of outgoing network data, let alone '"replacing the portion of 
outgoing netwoik data with data chatactettsttc of the diffetent operating ssstem , ' m the 
context chinned In applicant iemphasts added) Furthermore, disclosing that the 
imetitjon has geneial application to mans operating s\ stems, as in Diake, fails to rise to 
the level of specificits nor e\ en suggest " impet sonating the dii't'erent operating s-\ stem , 
for misleading attackers into attempting attacks that ate unworkable on the opeiatmg 
system" (emphasis added), in the manner as claimed by applicant. 

Additional^, with respect to independent Claim J4, the bxaminei has relied on 
L ot 1 line 47 ~ Col 5, tine M tiom Dtake tiepiodueed abos el to make a prior att 
show tnt> ot applicant s claimed " data unit t\ pc ikid containing data iepiesentati\ e ot an 
identifiet ioi a t\pe of data unit, whet em information associated with the data unit is 
thai acteustic of an operating \\ stem 

\gam applicant lespeafulls asserts thai theexceipt tehed on b\ the l\aintner 
mereb discloses "the inclusion <>f dunnm mstiuctions and piefKcs and additional code 



-6- 



to mislead and hampei disassembly {emphasis added) [fowe\ei, Diake\ dssclosuie of 
including dumms instructions and piefKes and additional code in no was suggests din 
suit oi ddt.i unit t\pe Held containing data jepjesenuitue of an identiilei iui a t\pe oi 
data unit whet em information associated with tht* data unit ts chaiaitenstic ot an 
opeidting sv stem (emphasis added) as claimed b\ applicant 

Applicant lespccdulh asserts that at least tht fust and thud dements of thu pi mm 
fat tt> case uf ohs loudness has e not been met since it would be tin<>h\H»i\ to combine the 
itieienc.es is noted abo\ t and since the puoi an ttfetenees when combined (ail to 
teach oi suggest all of the chum limitations, as noted abo^ e 

\ppltcaut iui ther notes that the pnoi ait ts also deficient v> uh respect to the 
dependent claims hoi example wtth respect to ( laim ^1 u ai the t ^ ami net has iciicd on 
the foli owing excerpt ftom \ .ntawtn to make a puoi ait showing of applicant s claimed 
technique wherein the secuitt\ poiics identities the portion of outgoing nemos k data 
and specifies an autou to take to iiiask the portion of outgoing netwotk data 



Applicant tespeetiulh asset ts that the excel pt relied on b\ the fxantinei merels 
teaches that a fnewalt module max access the seeuith poiicv database to letiiexe a 
particular sennits standard or packet mai\ sts algorithm < emphasis added) I low e\ ei 
simph accessing a secants polics database in oidei to pet form serums and intrusion 
detection tunctions as in \ anas an m no wa^ oii^irests a technique wherein the secuub 
poius identifies the portion ot outgoing netwoA data and specifies an action to take to 
mask the portion of outuomu netwoil- data {emphasis added) as claimed h\ applicant 
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!n addition, with respect to Claim 5 et a.L the Examiner has relied on Col 4. line 
47 - Co!. 5, line 34 from Drake to make a prior art showing of applicant's claimed 
technique ''wherein the security policy further specifies replacement data for the portion 
of outgoing network data, the replacement data characteristic of the different operating 
system."' 

Applicant respectfully asserts that the excerpt relied on by the Examiner merely 
teaches "several security-enhancing techniques to combat eavesdropping" including 
"hampering [the] examination of software-code operating system code or parts thereof 
through the use of the encryption or partial encryption of said code. . . [and] preventing 
the disassembly of said code through the inclusion of dummy instructions and prefixes 
and additional code to misjead and jB.n.]iM\.<:!basseM?jv (ie. obfuscating inserts)'" 
(emphasis added). Additionally, the excerpt teaches 'replacing software which is 
vulnerable to eavesdropping with e^ujvaj.ejTt.soltwa which is far more secure" 
(emphasis added). 

However, using dummvjn^ to mi.sjead.and hamper the 

disassembly of code in no way suggests "replacement data characteristic of the different 
operating system '" (emphasis added), as claimed by applicant Further, replacing 
software vulnerable to eavesdropping with more secure equivalent software fails to 
suggest a technique "wherein the security policy further specifies replacement data for 
the portion of outgoing network data, the replacement data characteristic of the different 
operating ssstem" (emphasis added), as claimed by applicant 

Still yet, with respect to Claim 10 et al., the Examiner has relied on Col. 8 lines 
24-63 from Drake to make a prior art showing of applicant's claimed "sending a false 
response to the portion of incoming network data to impersonate the different operating 
system in accordance with the security policy if the network is an untrusted network " 

Applicant respectfully asserts that the excerpt relied on by the Examiner merely 
teaches : "a method of providing for a se£ure entrv ..of .ID-Data in a computer system 
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com prising activating a visual display or animation and/or audio feedback... as pail of 
said secure entry of ID-Data so as to hamper emulation of said secure entry process" 
(Col S. lines 25-30 - emphasis added ). However, providing a secure entry of ID-Data by 
activating a visual display to hamper emulation fails to even suggest ''sending a false 
response to the portion of incoming network data to impersonate the different operating 
system in accordance with the security policy if the network is an (.intrusted network"' 
(emphasis added), as claimed by applicant. Clearly, a method for a secure entry of ID- 
Data fails to even suggest ''sending a false response"' (emphasis added), in the manner as 
claimed by applicant. 

Since at least the first and third elements of the prima facie case of obvious have 
not been met. as noted above, a notice of allowance or proper prior art showing of each of 
the foregoing claim elements, in combination with the remaining claimed features, is 
respectfully requested. 

To tins end, all of the independent Jamvs die deemed allowable Moteoxei the 
jem.nmng dependent claims are fttrtiiet deemed allowable tn s few of then dependence 
on such independent claims. 

in the e\ cnt a telephone com u sation would expedite the ptoseeution of this 

application, titei vammci nun teach the undei signed at (408) W^-Sion \ ho 

f ommtssionei is authorized to charge am additional fees ot credit am o\etpa\ment to 
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